[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-3543-gf8f21c8
Michael Adam
obnox at samba.org
Tue Aug 5 21:46:13 GMT 2008
The branch, v3-3-test has been updated
via f8f21c8e3922806230e240cb54205fc2db7a3619 (commit)
via bfc5d34a196f667276ce1e173821db478d01258b (commit)
via 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0 (commit)
via 72bd83fea7572a6202027b200d192c05023aa633 (commit)
via 103ce6c9e94ce74e616fe922f2584fd46ae1f3f8 (commit)
from 148a012421cdd875167e708c5dfa771d97bf9856 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit f8f21c8e3922806230e240cb54205fc2db7a3619
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 23:38:56 2008 +0200
dbwrap: add comment describing behaviour of dbwrap_change_int32_atomic().
Michael
commit bfc5d34a196f667276ce1e173821db478d01258b
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 23:14:05 2008 +0200
secrets: fix replacement random seed generator (security issue).
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but I think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
commit 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 23:13:06 2008 +0200
dbwrap: add comment describing behaviour of dbwrap_change_uint32_atomic().
Michael
commit 72bd83fea7572a6202027b200d192c05023aa633
Author: Michael Adam <obnox at samba.org>
Date: Tue Aug 5 22:38:44 2008 +0200
idmap_tdb2: fix a race condition in idmap_tdb2_allocate_id().
The race is a regression introduced by the change to dbwrap.
It might have led to two concurrent processes returning the same id.
This fix is achieved by changing dbwrap_change_uint32_atomic() to
match the original behaviour of tdb_change_uint32_atomic(), which
is the following: *oldval is used as initial value when
the value does not yet exist and that the old value should be
returned in *oldval.
dbwrap_change_uint32_atomic() is used (only) in idmap_tdb2.c,
to get new ids.
Michael
commit 103ce6c9e94ce74e616fe922f2584fd46ae1f3f8
Author: Michael Adam <obnox at samba.org>
Date: Mon Aug 4 23:30:16 2008 +0200
registry: use _bystring wrappers to dbwrap_trans_(store|delete).
Michael
-----------------------------------------------------------------------
Summary of changes:
source/lib/dbwrap_util.c | 30 ++++++++++++++++++++++++++----
source/registry/reg_backend_db.c | 9 +++------
2 files changed, 29 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/dbwrap_util.c b/source/lib/dbwrap_util.c
index 07e5082..09e9071 100644
--- a/source/lib/dbwrap_util.c
+++ b/source/lib/dbwrap_util.c
@@ -98,6 +98,13 @@ bool dbwrap_store_uint32(struct db_context *db, const char *keystr, uint32_t v)
return NT_STATUS_IS_OK(status) ? 0 : -1;
}
+/**
+ * Atomic unsigned integer change (addition):
+ *
+ * if value does not exist yet in the db, use *oldval as initial old value.
+ * return old value in *oldval.
+ * store *oldval + change_val to db.
+ */
uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
uint32_t *oldval, uint32_t change_val)
{
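Review bot: The new doc comment above dbwrap_change_uint32_atomic() does not say what the function returns. The function is declared uint32_t, yet the paths visible in this patch return -1 and 0, so a caller sees 0xFFFFFFFF on failure. State the return convention in the comment, and consider changing the return type to int or NTSTATUS so the error value is not an unsigned wraparound.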
@@ -110,9 +117,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
return -1;
}
- if ((rec->value.dptr != NULL)
- && (rec->value.dsize == sizeof(val))) {
+ if (rec->value.dptr == NULL) {
+ val = *oldval;
+ } else if (rec->value.dsize == sizeof(val)) {
val = IVAL(rec->value.dptr, 0);
+ *oldval = val;
+ } else {
+ return -1;
}
val += change_val;
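Review bot: The new "else { return -1; }" branch leaves the function while rec is still held. Nothing in this hunk releases the record on that path, so if rec comes from a locked fetch, as the "atomic" in the function name suggests, the record and its lock stay held whenever an entry of unexpected size is found. Release rec before returning (for example with TALLOC_FREE(rec), if it is talloc-allocated), or set an error result and jump to a shared cleanup path at the end of the function.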
@@ -127,6 +138,13 @@ uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
return 0;
}
+/**
+ * Atomic integer change (addition):
+ *
+ * if value does not exist yet in the db, use *oldval as initial old value.
+ * return old value in *oldval.
+ * store *oldval + change_val to db.
+ */
int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
int32 *oldval, int32 change_val)
{
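Review bot: The comment for dbwrap_change_int32_atomic() is a copy of the unsigned one and omits the error case that the same patch introduces. It should say that a missing record is not an error (the caller's *oldval is used as the start value), and that a record of unexpected size makes the function return -1 without touching *oldval or the db. The commit message describes this contract more completely than the comment does; moving that wording into the comment would keep it next to the code.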
@@ -139,9 +157,13 @@ int32 dbwrap_change_int32_atomic(struct db_context *db, const char *keystr,
return -1;
}
- if ((rec->value.dptr != NULL)
- && (rec->value.dsize == sizeof(val))) {
+ if (rec->value.dptr == NULL) {
+ val = *oldval;
+ } else if (rec->value.dsize == sizeof(val)) {
val = IVAL(rec->value.dptr, 0);
+ *oldval = val;
+ } else {
+ return -1;
}
val += change_val;
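Review bot: The added "return -1;" for a record whose dsize differs from sizeof(val) turns what used to be silently treated as "no value" into a hard failure, and *oldval is not updated on that path. For the seed generator named in the commit message, make sure get_rand_seed() checks the return value, otherwise it keeps using its initial sys_getpid() value without noticing that the counter in secrets.tdb was never advanced. The same unreleased rec on early return applies here as in the unsigned variant.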
diff --git a/source/registry/reg_backend_db.c b/source/registry/reg_backend_db.c
index d216e0e..489f076 100644
--- a/source/registry/reg_backend_db.c
+++ b/source/registry/reg_backend_db.c
@@ -1144,8 +1144,7 @@ bool regdb_store_values( const char *key, REGVAL_CTR *values )
goto done;
}
- status = dbwrap_trans_store(regdb, string_term_tdb_data(keystr), data,
- TDB_REPLACE);
+ status = dbwrap_trans_store_bystring(regdb, keystr, data, TDB_REPLACE);
result = NT_STATUS_IS_OK(status);
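Review bot: The old call built the key with string_term_tdb_data(keystr), and the definition of dbwrap_trans_store_bystring() is not part of this changeset. Confirm that the wrapper constructs the key the same way, including the terminating NUL; if it used a non-terminated key instead, entries already stored in the registry db would no longer be found or replaced. A one-line note in the commit message saying the wrappers are key-compatible would settle this for readers of the log.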
@@ -1219,8 +1218,7 @@ static WERROR regdb_set_secdesc(const char *key,
if (secdesc == NULL) {
/* assuming a delete */
- status = dbwrap_trans_delete(regdb,
- string_term_tdb_data(tdbkey));
+ status = dbwrap_trans_delete_bystring(regdb, tdbkey);
if (NT_STATUS_IS_OK(status)) {
err = WERR_OK;
} else {
@@ -1236,8 +1234,7 @@ static WERROR regdb_set_secdesc(const char *key,
goto done;
}
- status = dbwrap_trans_store(regdb, string_term_tdb_data(tdbkey),
- tdbdata, 0);
+ status = dbwrap_trans_store_bystring(regdb, tdbkey, tdbdata, 0);
if (!NT_STATUS_IS_OK(status)) {
err = ntstatus_to_werror(status);
goto done;
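Review bot: The store in regdb_set_secdesc() passes a bare 0 as the flag while the store in regdb_store_values() passes TDB_REPLACE. The value is carried over unchanged from the old call, but since the line is being rewritten anyway, name the intended flag explicitly or add a short comment on why 0 is wanted, so the two stores do not look accidentally inconsistent.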
--
Samba Shared Repository